Trouble getting kerberized nfsv4 working
Kevin Coffman
kwc at citi.umich.edu
Sun Jul 29 09:52:50 EDT 2007
On 7/28/07, Davíð Geirsson <davidgeirs at gmail.com> wrote:
> Hi all,
>
> I'm trying to set up a linux NFSv4 client to mount a share from a
> solaris server. I have set up a krb5 enabled export on solaris, and
> I'm able to mount that locally. But the linux client fails (see
> below).
>
> The kerberos realm is PROVIDER, domain is provider. provider.provider
> is the solaris server and gagnagleypir.provider is the linux client
> (running debian unstable, linux 2.6.18). I have created host/ and nfs/
> principals for both machines and added them to the respective keytabs.
>
> The client's fstab contains:
> provider.provider:/risi/provider /provider nfs4 noauto,user,sec=krb5 0 0
>
> When I try to mount the filesystem this happens:
> gagnagleypir:~# mount /provider/
> mount: block device provider.provider:/risi/provider is
> write-protected, mounting read-only
> mount: cannot mount block device provider.provider:/risi/provider read-only
>
> Meanwhile, if I make rpc.gssd verbose, this is its log:
>
> gagnagleypir:~# rpc.gssd -vvvvvvvvvvvvvvvvvvvvvvvv -rrrrrrrrrrrrrrrrrrrrrrr -f
> beginning poll
> handling krb5 upcall
> Full hostname for 'provider.provider' is 'provider.provider'
> Full hostname for 'gagnagleypir.provider' is 'gagnagleypir.provider'
> Key table entry not found while getting keytab entry for
> 'root/gagnagleypir.provider@PROVIDER'
> Success getting keytab entry for 'nfs/gagnagleypir.provider@PROVIDER'
> INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_PROVIDER' are good
> until 1185702882
> INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_PROVIDER' are good
> until 1185702882
> using FILE:/tmp/krb5cc_machine_PROVIDER as credentials cache for machine creds
> using environment variable to select krb5 ccache
> FILE:/tmp/krb5cc_machine_PROVIDER
> creating context using fsuid 0 (save_uid 0)
> creating tcp client for server provider.provider
> creating context with server nfs@provider.provider
> WARNING: Failed to create krb5 context for user with uid 0 for server
> provider.provider
> WARNING: Failed to create krb5 context for user with uid 0 with
> credentials cache FILE:/tmp/krb5cc_machine_PROVIDER for server
> provider.provider
> WARNING: Failed to create krb5 context for user with uid 0 with any
> credentials cache for server provider.provider
> doing error downcall
> destroying client clnt1f
>
> I'm not sure how to proceed. If anyone has any ideas on what could be
> causing this I'd appreciate them.
>
> PS: Please CC me on replies.

Hi Davíð,

What version of nfs-utils are you using?
Is there any interesting output on the server?
What encryption types are in the respective keytabs?

Looking at a packet trace from the client may be the fastest way to
see what is happening.

K.C.
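
For the keytab question in the reply above, an added example (not part of either message and not nfs-utils code): it parses the text of `klist -ke` from each machine and reports which encryption types the nfs/ keys have in common, counting only each principal's highest key version. The sample outputs are constructed, and MIT-style `klist -ke` formatting on both hosts is an assumption.

```python
import re

# Long enctype descriptions printed by older MIT-derived klist builds.
LONG_NAMES = {
    "DES cbc mode with CRC-32": "des-cbc-crc",
    "Triple DES cbc mode with HMAC/sha1": "des3-cbc-sha1",
    "ArcFour with HMAC/md5": "arcfour-hmac",
    "AES-256 CTS mode with 96-bit SHA-1 HMAC": "aes256-cts-hmac-sha1-96",
}
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+@\S+)\s+\((.+)\)\s*$")
# Constructed sample output, not taken from the thread.
CLIENT_KLIST = """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 host/gagnagleypir.provider@PROVIDER (des-cbc-crc)
   3 nfs/gagnagleypir.provider@PROVIDER (aes256-cts-hmac-sha1-96)
   3 nfs/gagnagleypir.provider@PROVIDER (des-cbc-crc)
"""
SERVER_KLIST = """Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   1 nfs/provider.provider@PROVIDER (DES cbc mode with CRC-32)
   2 nfs/provider.provider@PROVIDER (Triple DES cbc mode with HMAC/sha1)
   2 nfs/provider.provider@PROVIDER (AES-256 CTS mode with 96-bit SHA-1 HMAC)
"""

def service_enctypes(klist_text, service="nfs"):
    """Enctypes held for service/ principals, counting only each principal's highest kvno."""
    newest = {}  # principal -> (kvno, set of enctypes)
    for line in klist_text.splitlines():
        m = ENTRY.match(line)
        if not m or not m.group(2).startswith(service + "/"):
            continue  # header, separator, or another service's key
        kvno, princ = int(m.group(1)), m.group(2)
        etype = LONG_NAMES.get(m.group(3), m.group(3))
        top, etypes = newest.get(princ, (kvno, set()))
        if kvno > top:
            top, etypes = kvno, set()  # older key versions are superseded
        if kvno == top:
            etypes.add(etype)
        newest[princ] = (top, etypes)
    return set().union(*(e for _, e in newest.values()))

def compare(client_text, server_text):
    c, s = service_enctypes(client_text), service_enctypes(server_text)
    return {"common": sorted(c & s), "client_only": sorted(c - s), "server_only": sorted(s - c)}

if __name__ == "__main__":
    print(compare(CLIENT_KLIST, SERVER_KLIST))
```

A difference between the two sets is a lead to check against the packet trace, not a diagnosis on its own.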